-
-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Getting High Alert ("SQL injection may be possible"), whie we are not using sql in the application. #8487
Comments
You should use 2.15 and provide the versions of the add-ons. |
Pro tip - use the technolgy option to turn off the SQL rules: https://www.zaproxy.org/blog/2023-11-20-technology-support/ In any case, theres no enough info in this issue for us to do anything. |
When I am trying to install 2.15 version then detecting malware while creating files in plugin folder |
Thats likely to be a problem with your malware detection software, not ZAP. |
It could be related to #8488 |
Any further details post upgrade? |
Describe the bug
Getting too many High Alert related to SQL injection, while we not using sql injection in hte application, we are using api with encrypted parameters, still getting this type of alert from zap tool active scan report.
Steps to reproduce the behavior
Expected behavior
there should not be Sql-Injection and MongoDb related alert in the report, both are not used in the application
Software versions
2.14.0
Screenshots
Errors from the zap.log file
No response
Additional context
No response
Would you like to help fix this issue?
The text was updated successfully, but these errors were encountered: